October 3, 2023

VMware has confirmed a recently patched critical command injection vulnerability affecting its Aria Operations for Networks tool is being exploited in the wild.

A PoC of an exploitation was published on GitHub and five days after researchers reported observing attempts to utilize the PoC code. The exploited vulnerability is one of three high-severity vulnerabilities VMware disclosed on June 7. Tracked as CVE-2023-20887, the command injection vulnerability has a CVSS score of 9.8 and opens the door to an attacker to execute code remotely on targeted systems.

The Aria Operations for Networks monitoring tool is used to provide network visibility and analytics to accelerate micro-segmentation security, minimize risk during application migration, optimize network performance and confidently manage and scale VMware NSX, VMware SD-WAN, and Kubernetes deployments.

Advertisements

VMware advised customers to apply them in a timely manner to protect their environment but said it was not aware of any of the vulnerabilities being exploited. But recently updated the advisory confirming the exploitation has occurred in wild.

The instructions of patching for all versions of the Aria Operations for Networks tool at risk from the vulnerability can be found on VMware’s Customer Connect website.

Tags:

Leave a Reply

You may have missed

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023
%d bloggers like this: